Cyber Crime: Unwelcome, Underground and Highly Successful

The ramifications of an un-patrolled Internet are even more extensive than anyone might have expected. It’s bad enough that pornography and other noxious sites that abuse our children flourish because there are not enough vigilantes to say they can’t, but now our own personal identities and our right to keep them to ourselves are at stake.

What can we do?

Cyber-criminals are a slick and very successful breed of thieves who thrive on stealing identities and creating their own black market for buying and selling credit card and bank information. When you enter your credit card information, it become possible for these criminals can steal it.

Here’s how it works. Once your information has been stolen, an online chat, by invitation only, is set up to provide a commercial channel among cyber criminals. A temporary hacker channel (Internet Relay Chat aka IRC) is often established for business transactions and then quickly disassembled to avoid detection.

After the information is purchased, that criminal can use a machine to print out a fake credit card with your information. But many use yet another third person to wire stolen money into an overseas bank account. Buyers and sellers on these hacker IRC channels use this third party to “test the card” for a fee. This person in the chain is referred to as a “mule,” and many times doesn’t even know that he or she is part of an underground criminal scheme. Usually, the process begins by the request to charge a very small amount on the card.

The criminals find mules as they respond to those “make money from home” schemes; you know, those ads that promise instant wealth that really seem too good to be true. (Well, they are.) Stolen money is wired to the mules’ accounts, and that money is then subsequently sent to an overseas account for a 10% to 15% fee. It is doubly cruel to the unsuspecting mule because their actions are risky and law enforcement usually finds them first, giving the real cyber-criminals ample time to escape and set up shop somewhere else.

According to Dave Cole, senior director of product management at Symantec, hacker IRCs can accommodate more than 90,000 cyber-criminal conversations simultaneously.

Malware is the vehicle responsible for these cyber attacks. Without the user even being slightly aware, this malicious software turns computer information and control over to the “bad guys.” There are several kinds of malware. They include: Trojan horses, keystroke logging, viruses and worms.

The Internet black market sells credit cards for an average of 98 cents each when sold in bulk, making them the cheapest commodities available to cyber criminals. A full identity costs $10. Fifty-one percent of the stolen advertised goods are credit card and bank account information; a staggering figure that is up 38% from 2007! Credit cards that retain expiration dates and CVV2 numbers (customer card ID numbers) fetch more on the underground market than those cards with numbers only.

That old expression about honor among thieves does not appear to ring true in the world of cyber crime, as hackers have been known to sell the same credit card information to multiple users even knowing that many of the cards have been cancelled. While this may be apt punishment and good for gander material, as another old saying postulates, it does not alter the disturbing nature of the situation for the innocent credit card user who will be the one to pay the consequences.

Unfortunately, cyber-criminals are so skilled at hacking into thousands of computers daily that crime pays handsomely. According to data from Symantec, maker of the Norton Antivirus software, cyber criminals have netted as much as eight billion dollars annually. Due to its highly lucrative promises, more and more thieves are attracted to the cyber underworld. In the last year alone, Internet security threats rose to 1.7 million.

According to FBI special agent Austin Berglas, who supervises the Bureau’s New York Internet crimes squad:

“Most cyber-criminals are very, very interested in financial gain by compromising customer accounts. Believe it or not, there are people who fall victim to their scams, and we see it every day.”

The FBI is working undercover in many of these IRC channels in an effort to thwart the cyber-criminals. Often, captured criminals agree to work for the government in exchange for reduced sentences. That strategy has its place but it doesn’t always work.

Consider the case of Albert Gonzalez, the infamous TJ Maxx (TJX, Fortune 500) cyber-thief who stole 45 million credit cards numbers and turned FBI informant back in 2007. He helped to collapse a massive credit card scheme only to betray the FBI by later using insider information to help fellow criminals evade detection.

In the words of Rowan Trollope, senior vice president of product development at Symantec:

“The truth is that fingerprint security technology is no longer effective. The bad guys that got involved are organized professionals, and they figured out how to get around our technology.”

Because of your opening paragraph, namely: "It’s bad enough that pornography and other noxious sites that abuse our children flourish…" I will not read this article and would not take it seriously if I did.

Saying that hackers are skilled is 90% of the time completely false. Hackers are usually very unskilled. And the hackers that are skilled are far out matched by professional security researchers. This is a very badly written article, and once again falls victim to the notion that hacking is some kind of art form that takes a great deal of skill.

While it may be true that there is an entire sub-culture of unskilled "hackers", usually called script kiddies, there are those that are highly skilled at what they do. I know several people that currently have jobs in computer security because they exposed security holes in corporate systems (non-maliciously, of course). True hackers do it for the fun and the challenge, not to cause harm. The ones referenced in this article aren't hackers. Anyone that becomes a mule by taking part in a get rich for doing nothing scheme deserves exactly what they get as a lesson in reality. And if you have malware on your system, perhaps you should stop clicking on every popup that comes up on your screen and stop installing every toolbar and widget meant to grab your attention..